Fortinet black logo

Azure Administration Guide

Home FortiAnalyzer Public Cloud 7.4.0 Azure Administration Guide
7.4.0
7.4.0
7.2.0
7.0.0
6.4.0

FortiAnalyzer HA configuration

FortiAnalyzer HA configuration

To configure the HA primary (fazha001):
  1. In the fazha001 CLI, configure the following:

    config system ha

    set mode a-p

    set group-id 99

    set group-name "fazha"

    set password ENC *****

    config peer

    edit 1

    set ip "10.0.10.5"

    set serial-number "FAZVMSTM23000504"

    next

    end

    set preferred-role primary

    set priority 120

    config vip

    edit 1

    set vip "10.0.10.10"

    set vip-interface "port1"

    next

    end

    end

In the fazha001 CLI, enter get system ha:

load-balance : round-robin

mode : a-p

cfg-sync-hb-interval: 4

group-id : 99

group-name : fazha

hb-interface : (null)

hb-interval : 4

healthcheck :

initial-sync-threads: 4

log-sync : enable

password : *

peer:

== [ 1 ]

id: 1

preferred-role : primary

priority : 120

unicast : enable

vip:

== [ 1 ]

id: 1

In the fazha001 CLI, enter diagnose ha status:

HA-Status: Primary

up-time: 24m54.471s

config-sync: Allow

serial-no: FAZVMSTM23000503

fazuid: 3433169053

hostname: fazha001

load balance status: 0x0

HA-Secondary fazha@10.0.10.5 FAZVMSTM23000504

ip: 10.0.10.5

serial-no: FAZVMSTM23000504

fazuid: 4148610926

hostname: fazha002

conn-st: up

up/down-time: 24m52.671s

conn-msg:

cfgsync-st: up, 24m29.860s

data-init-sync-st: done, 24m41.864s

In the fazha001 CLI, diagnose the sniffer "VRRP Traffic" by entering diagnose sniffer packet port1 "ip proto 112" 4:

interfaces=[port1]

filters=[ip proto 112]

0.738575 10.0.10.4 -> 10.0.10.5: ip-proto-112 20

4.738635 10.0.10.4 -> 10.0.10.5: ip-proto-112 20

8.738767 10.0.10.4 -> 10.0.10.5: ip-proto-112 20

12.738834 10.0.10.4 -> 10.0.10.5: ip-proto-112 20

16.738975 10.0.10.4 -> 10.0.10.5: ip-proto-112 20

20.739038 10.0.10.4 -> 10.0.10.5: ip-proto-112 20

^C

6 packets received by filter

0 packets dropped by kernel

Note

The VRRP traffic is sent every 4 seconds as asked with the system.ha.hb-interval.
To configure the HA secondary (fazha002):
  1. In the fazha002 CLI, configure the following:

    config system ha

    set mode a-p

    set group-id 99

    set group-name "fazha"

    set password ENC *****

    config peer

    edit 1

    set ip "10.0.10.4"

    set serial-number "FAZVMSTM23000503"

    next

    end

    config vip

    edit 1

    set vip "10.0.10.10"

    set vip-interface "port1"

    next

    end

    end

In the fazha002 CLI, enter get system ha:

load-balance : round-robin

mode : a-p

cfg-sync-hb-interval: 4

group-id : 99

group-name : fazha

hb-interface : (null)

hb-interval : 4

healthcheck :

initial-sync-threads: 4

log-sync : enable

password : *

peer:

== [ 1 ]

id: 1

preferred-role : secondary

priority : 100

unicast : enable

vip:

== [ 1 ]

id: 1

In the fazha002 CLI, enter diagnose ha status:

HA-Status: Secondary

up-time: 30m17.138s

config-sync: Allow

serial-no: FAZVMSTM23000504

fazuid: 4148610926

hostname: fazha002

load balance status: 0x8

HA-Primary fazha@10.0.10.4 FAZVMSTM23000503

ip: 10.0.10.4

serial-no: FAZVMSTM23000503

fazuid: 3433169053

hostname: fazha001

conn-st: up

up/down-time: 30m15.638s

conn-msg:

cfgsync-st: up, 29m55.529s

data-init-sync-st: done, 30m13.335s

In the fazha002 CLI, diagnose the sniffer "VRRP Traffic" by entering diagnose sniffer packet port1 "ip proto 112" 4:

interfaces=[port1]

filters=[ip proto 112]

2.742323 10.0.10.4 -> 10.0.10.5: ip-proto-112 20

6.742478 10.0.10.4 -> 10.0.10.5: ip-proto-112 20

10.742971 10.0.10.4 -> 10.0.10.5: ip-proto-112 20

14.742574 10.0.10.4 -> 10.0.10.5: ip-proto-112 20

18.742743 10.0.10.4 -> 10.0.10.5: ip-proto-112 20

22.742777 10.0.10.4 -> 10.0.10.5: ip-proto-112 20

^C

6 packets received by filter

0 packets dropped by kernel

Note

The VRRP traffic is sent every 4 seconds as asked with the system.ha.hb-interval.
Previous
Next

FortiAnalyzer HA configuration

To configure the HA primary (fazha001):
  1. In the fazha001 CLI, configure the following:

    config system ha

    set mode a-p

    set group-id 99

    set group-name "fazha"

    set password ENC *****

    config peer

    edit 1

    set ip "10.0.10.5"

    set serial-number "FAZVMSTM23000504"

    next

    end

    set preferred-role primary

    set priority 120

    config vip

    edit 1

    set vip "10.0.10.10"

    set vip-interface "port1"

    next

    end

    end

In the fazha001 CLI, enter get system ha:

load-balance : round-robin

mode : a-p

cfg-sync-hb-interval: 4

group-id : 99

group-name : fazha

hb-interface : (null)

hb-interval : 4

healthcheck :

initial-sync-threads: 4

log-sync : enable

password : *

peer:

== [ 1 ]

id: 1

preferred-role : primary

priority : 120

unicast : enable

vip:

== [ 1 ]

id: 1

In the fazha001 CLI, enter diagnose ha status:

HA-Status: Primary

up-time: 24m54.471s

config-sync: Allow

serial-no: FAZVMSTM23000503

fazuid: 3433169053

hostname: fazha001

load balance status: 0x0

HA-Secondary fazha@10.0.10.5 FAZVMSTM23000504

ip: 10.0.10.5

serial-no: FAZVMSTM23000504

fazuid: 4148610926

hostname: fazha002

conn-st: up

up/down-time: 24m52.671s

conn-msg:

cfgsync-st: up, 24m29.860s

data-init-sync-st: done, 24m41.864s

In the fazha001 CLI, diagnose the sniffer "VRRP Traffic" by entering diagnose sniffer packet port1 "ip proto 112" 4:

interfaces=[port1]

filters=[ip proto 112]

0.738575 10.0.10.4 -> 10.0.10.5: ip-proto-112 20

4.738635 10.0.10.4 -> 10.0.10.5: ip-proto-112 20

8.738767 10.0.10.4 -> 10.0.10.5: ip-proto-112 20

12.738834 10.0.10.4 -> 10.0.10.5: ip-proto-112 20

16.738975 10.0.10.4 -> 10.0.10.5: ip-proto-112 20

20.739038 10.0.10.4 -> 10.0.10.5: ip-proto-112 20

^C

6 packets received by filter

0 packets dropped by kernel

Note

The VRRP traffic is sent every 4 seconds as asked with the system.ha.hb-interval.
To configure the HA secondary (fazha002):
  1. In the fazha002 CLI, configure the following:

    config system ha

    set mode a-p

    set group-id 99

    set group-name "fazha"

    set password ENC *****

    config peer

    edit 1

    set ip "10.0.10.4"

    set serial-number "FAZVMSTM23000503"

    next

    end

    config vip

    edit 1

    set vip "10.0.10.10"

    set vip-interface "port1"

    next

    end

    end

In the fazha002 CLI, enter get system ha:

load-balance : round-robin

mode : a-p

cfg-sync-hb-interval: 4

group-id : 99

group-name : fazha

hb-interface : (null)

hb-interval : 4

healthcheck :

initial-sync-threads: 4

log-sync : enable

password : *

peer:

== [ 1 ]

id: 1

preferred-role : secondary

priority : 100

unicast : enable

vip:

== [ 1 ]

id: 1

In the fazha002 CLI, enter diagnose ha status:

HA-Status: Secondary

up-time: 30m17.138s

config-sync: Allow

serial-no: FAZVMSTM23000504

fazuid: 4148610926

hostname: fazha002

load balance status: 0x8

HA-Primary fazha@10.0.10.4 FAZVMSTM23000503

ip: 10.0.10.4

serial-no: FAZVMSTM23000503

fazuid: 3433169053

hostname: fazha001

conn-st: up

up/down-time: 30m15.638s

conn-msg:

cfgsync-st: up, 29m55.529s

data-init-sync-st: done, 30m13.335s

In the fazha002 CLI, diagnose the sniffer "VRRP Traffic" by entering diagnose sniffer packet port1 "ip proto 112" 4:

interfaces=[port1]

filters=[ip proto 112]

2.742323 10.0.10.4 -> 10.0.10.5: ip-proto-112 20

6.742478 10.0.10.4 -> 10.0.10.5: ip-proto-112 20

10.742971 10.0.10.4 -> 10.0.10.5: ip-proto-112 20

14.742574 10.0.10.4 -> 10.0.10.5: ip-proto-112 20

18.742743 10.0.10.4 -> 10.0.10.5: ip-proto-112 20

22.742777 10.0.10.4 -> 10.0.10.5: ip-proto-112 20

^C

6 packets received by filter

0 packets dropped by kernel

Note

The VRRP traffic is sent every 4 seconds as asked with the system.ha.hb-interval.
Previous
Next